Knowledge
-
Describe the relationship between vDS and the vSS
Skills and Abilities
- Understand the use of command line tools to configure appropriate vDS settings on an ESXi host
- Determine use cases for and apply Port Binding settings
- Configure Live Port Moving
- Given a set of network requirements, identify the appropriate distributed switch technology to use
- Configure and administer vSphere Network I/O Control
-
Use command line tools to troubleshoot and identify configuration items from an existing vDS
Understand the use of command line tools to configure appropriate vDS settings on an ESXi host
Official Documentation:
Good reading on the use of CLI tools on vSphere Networking is the vSphere Command-Line Interface Concepts and Examples document. Chapter 9 “Managing vSphere Networking”, section “Setting Up vSphere Networking with vSphere Distributed Switch”, page 122.
Networking Using vSphere Distributed Switches
When you want to connect a virtual machine to the outside world, you can use a standard switch or a distributed switch. With a distributed switch, the virtual machine can maintain its network settings even if the virtual machine is migrated to a different host.
- Each physical network adapter (1) on the host is paired with a distributed uplink port (2), which represents the uplink to the virtual machine. With distributed switches, the virtual machine no longer depends on the host’s physical uplink but on the (virtual) uplink port. You manage a uplink ports primarily using the vSphere Client or vSphere APIs.
- The distributed switch itself (3) functions as a single virtual switch across all associated hosts. Because the switch is not associated with a single host, virtual machines can maintain consistent network configuration as they migrate from one host to another.
Like a standard switch, each distributed switch is a network hub that virtual machines can use. A distributed switch can route traffic internally between virtual machines or link to an external network by connecting to physical network adapters. You create a distributed switch using the vSphere Client UI, but can manage some aspects of a distributed switch with vicfg-vswitch. You can list distributed virtual switches with the esxcli network vswitch command. See “Setting Up Virtual Switches and Associating a Switch with a Network Interface” on page 112.
Retrieving Basic Networking Information
Service console commands for retrieving networking information are not included in the ESXi Shell. You can instead use ESXCLI commands directly in the shell or use vCLI commands.
On ESXi 5.0, ifconfig information should be the information of the VMkernel NIC that attaches to the Management Network port group. You can retrieve information by using ESXCLI commands.
esxcli <conn_options> network ip interface list
esxcli <conn_options> network ip interface ipv4 get -n vmk<X>
esxcli <conn_options> network ip interface ipv6 get -n vmk<X>
esxcli <conn_options> network ip interface ipv6 address list
For information corresponding to the Linux netstat command, use the following ESXCLI command.
esxcli <conn_options> network ip connection list
Setting Up vSphere Networking with vSphere Distributed Switch
A distributed switch functions as a single virtual switch across all associated hosts. A distributed switch allows virtual machines to maintain a consistent network configuration as they migrate across multiple hosts. See “Networking Using vSphere Distributed Switches” on page 111.
Like a vSphere standard switch, each distributed switch is a network hub that virtual machines can use. A distributed switch can forward traffic internally between virtual machines or link to an external network by connecting to uplink adapters.
Each distributed switch can have one or more distributed port groups assigned to it. Distributed port groups group multiple ports under a common configuration and provide a stable anchor point for virtual machines that are connecting to labeled networks. Each distributed port group is identified by a network label, which is unique to the current datacenter. A VLAN ID, which restricts port group traffic to a logical Ethernet segment within the physical network, is optional.
You can create distributed switches by using the vSphere Client. After you have created a distributed switch, you can add hosts by using the vSphere Client, create distributed port groups, and edit distributed switch properties and policies with the vSphere Client. You can add and remove uplink ports by using vicfg-vswitch.
IMPORTANT In vSphere 5.0, you cannot create distributed virtual switches with ESXCLI.
See the vSphere Networking documentation and the white paper available through the Resources link at http://www.vmware.com/go/networking for information about distributed switches and how to configure them using the vSphere Client. You can add and remove distributed switch uplink ports with vicfg-vswitch.
IMPORTANT You cannot add and remove uplink ports with ESXCLI.
After the distributed switch has been set up, you can use vicfg-vswitch to add or remove uplink ports.
Specify one of the options listed in “Connection Options” on page 17 in place of <conn_options>.
Add an uplink port.
vicfg-vswitch <conn_options> –add-dvp-uplink <adapter_name> –dvp <DVPort_id> <dvswitch_name>
Remove an uplink port.
vicfg-vswitch <conn_options> –del-dvp-uplink <adapter> –dvp <DVPort_id> <dvswitch_name>
Determine use cases for and apply Port Binding settings
Vmware Knowledgebase article: KB1022312 Choosing a port binding type.
When choosing a port binding type, consider how you want to connect your virtual machines and virtual network adapters to a vDS and how you intend to use your virtual machines. Port binding type, along with all other vDS and port group configuration, can be set only through vCenter Server.
There are three types of portbinding options:
- Select Static binding to assign a port to a virtual machine when the virtual machine connects to the distributed port group. This option is not available when the vSphere Client is connected directly to ESXi.
- Select Dynamic binding to assign a port to a virtual machine the first time the virtual machine powers on after it is connected to the distributed port group. Dynamic binding is depricated in ESXi 5.0.
- Select Ephemeral for no port binding. This option is not available when the vSphere Client is connected directly to ESXi.
Types of port binding
These three different types of port binding determine when ports in a port group are assigned to virtual machines:
- Static Binding
- Dynamic Binding
- Ephemeral Binding
Static binding
When you connect a virtual machine to a port group configured with static binding, a port is immediately assigned and reserved for it, guaranteeing connectivity at all times. The port is disconnected only when the virtual machine is removed from the port group. You can connect a virtual machine to a static-binding port group only through vCenter Server.
Note: Static binding is the default setting, recommended for general use.
Dynamic binding
In a port group configured with dynamic binding, a port is assigned to a virtual machine only when the virtual machine is powered on and its NIC is in a connected state. The port is disconnected when the virtual machine is powered off or the virtual machine’s NIC is disconnected. Virtual machines connected to a port group configured with dynamic binding must be powered on and off through vCenter.
Dynamic binding can be used in environments where you have more virtual machines than available ports, but do not plan to have a greater number of virtual machines active than you have available ports. For example, if you have 300 virtual machines and 100 ports, but never have more than 90 virtual machines active at one time, dynamic binding would be appropriate for your port group.
Note: Dynamic binding is deprecated in ESXi 5.0.
Ephemeral binding
In a port group configured with ephemeral binding, a port is created and assigned to a virtual machine when the virtual machine is powered on and its NIC is in a connected state. The port is deleted when the virtual machine is powered off or the virtual machine’s NIC is disconnected.
Ephemeral port assignments can be made through ESX/ESXi as well as vCenter, giving you the flexibility to manage virtual machine connections through the host when vCenter is down. Although only ephemeral binding allows you to modify virtual machine network connections when vCenter is down, network traffic is unaffected by vCenter failure regardless of port binding type.
Note: Ephemeral portgroups should be used only for recovery purposes when you want to provision ports directly on host bypassing vCenter Server, not for any other case. This is true for several reasons:
- Scalability
An ESX/ESXi 4.x host can support up to 1016 ephemeral portgroups and an ESXi 5.x host can support up to 256 ephemeral portgroups. Since ephemeral portgroups are always pushed to hosts, this effectively is also the vCenter Server limit. For more information, see Configuration Maximums for VMware vSphere 5.0 and Configuration Maximums for VMware vSphere 4.1. - Performance
Every operation, including add-host and virtual machine power operation, is slower comparatively because ports are created/destroyed in the operation code path. Virtual machine operations are far more frequent than host-add or switch-operations, so ephemeral ports are more demanding in general. - Non-persistent (that is, “ephemeral”) ports
Port-level permissions and controls are lost across power cycles, so no historical context is saved.
Note: In vSphere 5.0, a new advanced option called autoExpand has been introduced. This property of portgroups allows a portgroup to expand automatically by a small predefined margin whenever the portgroup is about to run out of ports.
More information
Vmware vSphere Blog, Why use Static Port Bindings on VDS.
Configure Live Port Moving
Official Documentation: None
Live port migration means a standalone dvPort can be moved to a dvPortGroup and thus acquiring the all the configuration of the dvPortGroup and a dvPort which is a part of a dvPortGroup can be moved out from a dvPortGroup, the subsequent config changes to the dvPortGroup does not apply to this dvPort.
Given a set of network requirements, identify the appropriate distributed switch technology to use
Official Documentation: None
Learn the differences between using the Nexus 1000v vs. VMware distributed virtual switch (vDS).
See http://searchnetworking.techtarget.com.au/articles/38282-VMware-vSwitch-vs-Cisco-Nexus-1-V for more information about this.
Also take a look at a whitepaper from VMware and Cisco called: Virtual Networking features of the VMware vNetwork Distributed Switch and Cisco Nexus 1000V Switch. This whitepaper can be found: http://www.vmware.com/files/pdf/technology/cisco_vmware_virtualizing_the_datacenter.pdf
Configure and administer vSphere Network I/O Control
Official Documentation:
vSphere Networking, Chapter 5 “Managing Network Resources”, Section “vSphere Network I/O Control”, page 37
vSphere Network I/O Control
Network resource pools determine the bandwidth that different network traffic types are given on a vSphere distributed switch.
When network I/O control is enabled, distributed switch traffic is divided into the following predefined network resource pools: Fault Tolerance traffic, iSCSI traffic, vMotion traffic, management traffic, vSphere Replication (VR) traffic, NFS traffic, and virtual machine traffic.
You can also create custom network resource pools for virtual machine traffic. You can control the bandwidth each network resource pool is given by setting the physical adapter shares and host limit for each network resource pool.
The physical adapter shares assigned to a network resource pool determine the share of the total available bandwidth guaranteed to the traffic associated with that network resource pool. The share of transmit bandwidth available to a network resource pool is determined by the network resource pool’s shares and what other network resource pools are actively transmitting. For example, if you set your FT traffic and iSCSI traffic resource pools to 100 shares, while each of the other resource pools is set to 50 shares, the FT traffic and iSCSI traffic resource pools each receive 25% of the available bandwidth. The remaining resource pools each receive 12.5% of the available bandwidth. These reservations apply only when the physical adapter is saturated.
NOTE The iSCSI traffic resource pool shares do not apply to iSCSI traffic on a dependent hardware iSCSI adapter.
The host limit of a network resource pool is the upper limit of bandwidth that the network resource pool can use.
Assigning a QoS priority tag to a network resource pool applies an 802.1p tag to all outgoing packets associated with that network resource pool.
- Enable Network I/O Control on a vSphere Distributed Switch on page 38
Enable network resource management to use network resource pools to prioritize network traffic by type. - Create a Network Resource Pool on page 38
Create user-defined network resource pools for customized network resource management. - Add or Remove Distributed Port Groups from a Network Resource Pool on page 39
Add a distributed port group to a user-defined network resource pool to include in the network resource pool all virtual machine network traffic from that distributed port group. - Edit Network Resource Pool Settings on page 39
You can change network resource pool settings such as allocated shares and limits for each network resource pool to change the priority network traffic for that network resource pool is given. - Delete a Network Resource Pool on page 40
You can delete user-defined network resource pools that are no longer in use.
Enable Network I/O Control on a vSphere Distributed Switch
Enable network resource management to use network resource pools to prioritize network traffic by type.
Prerequisites
Verify that your datacenter has at least one vSphere distributed switch version 4.1.0 or later.
Procedure
- Log in to the vSphere Client and select the Networking inventory view.
- Select the vSphere distributed switch in the inventory pane.
- On the Resource Allocation tab, click Properties.
-
Select Enable Network I/O Control on this vSphere ditributed switch, and click OK.
More information
- VMware Whitepaper: VMware Network I/O Control: Architecture, Performance and Best Practices
- VMware vSphere Blog: Got Network I/O Control?
Use command line tools to troubleshoot and identify configuration items from an existing vDS
Official Documentation:
See the Trainsignal Troubleshooting vSphere course lesson 14, lesson 15.
Another tool that can be used to troubleshoot is the net-dvs commandline tool. This is an unsupported command.
- Located in /usr/lib/vmware/bin (not in the PATH variable so just typing net-dvs won’t work)
-
Can be used to see the vDS settings saved locally on an ESX/i host;
- dvSwitch ID
- dvPort assignments to VMs
- VLAN, CDP information etc
Other exam notes
- The Saffageek VCAP5-DCA Objectives http://thesaffageek.co.uk/vcap5-dca-objectives/
- Paul Grevink The VCAP5-DCA diaries http://paulgrevink.wordpress.com/the-vcap5-dca-diaries/
- Edward Grigson VCAP5-DCA notes http://www.vexperienced.co.uk/vcap5-dca/
- Jason Langer VCAP-DCA notes http://www.virtuallanger.com/vcap-dca-5/
- The Foglite VCAP5-DCA notes http://thefoglite.com/vcap-dca5-objective/
VMware vSphere official documentation
VMware vSphere Basics Guide | html | epub | mobi | |
vSphere Installation and Setup Guide | html | epub | mobi | |
vSphere Upgrade Guide | html | epub | mobi | |
vCenter Server and Host Management Guide | html | epub | mobi | |
vSphere Virtual Machine Administration Guide | html | epub | mobi | |
vSphere Host Profiles Guide | html | epub | mobi | |
vSphere Networking Guide | html | epub | mobi | |
vSphere Storage Guide | html | epub | mobi | |
vSphere Security Guide | html | epub | mobi | |
vSphere Resource Management Guide | html | epub | mobi | |
vSphere Availability Guide | html | epub | mobi | |
vSphere Monitoring and Performance Guide | html | epub | mobi | |
vSphere Troubleshooting | html | epub | mobi | |
VMware vSphere Examples and Scenarios Guide | html | epub | mobi |
Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.